karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: Console role based access control and command completion
Date Thu, 31 Aug 2017 12:02:45 GMT
Hi Tom,

We don't use the ACL in the completers, only on the action step. That's why you 
can complete but not execute.

Regards
JB

On 08/31/2017 12:35 PM, tom@quarendon.net wrote:
> If I'm logged on to the console as user, the list of commands I can execute is controlled
by access control lists.
> So, if I'm logged on as a user who has only got the "viewer" role, then I can't shut
karaf down, the system:shutdown command requires the "admin" role.
> 
> Great.
> 
> However, I still appear to be able to get command completion that system:shutdown is
a command, but when I try and invoke it I get "Command not found: system:shutdown", which
seems confusing.
> 
> Is this intentional? I saw a comment in the code somewhere (lost it now) that made me
think that the intention was that only commands I can actually invoke are then put in the
completion list, and indeed that would seem like reasonable behaviour.
> 

-- 
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Mime
View raw message